HTTPS has long become mandatory for websites of all types and sizes. Ever since Chrome began flagging HTTP sites as not secure, HTTPS adoption has skyrocketed. Today, the encrypted traffic across Google has surpassed the 90% mark. While this figure is impressive, outside of Google, in the Web wilderness, plenty of unsecured websites and legacy links still endanger users’ sensitive data.
For cyber-attackers, unprotected sites remain the easiest prey. With man-in-the-middle attacks, they can intercept and steal the personal information of unsuspecting users. On the HTTP protocol, all data in transit between browsers and servers is in plain text for everyone to see. In an environment where people must share their names and payment details to shop or use services, there is no room for such a critical vulnerability.
The leading browsers and security companies are on a continuous mission to encrypt the entire Internet. It all had started when Google decided to offer a slight SEO boost to encourage the HTTPS migration. And, since all sites are obsessed with SEO, the incentive worked like a charm.
But Google was just warming up. Soon, a complete blackout of HTTP sites followed, when Chrome and later Firefox began issuing security warnings to unencrypted websites. Speaking of Firefox, the popular browser announced a brand new HTTPS-only mode in its latest update that enhances users’ privacy and security.
What is HTTPS-Only mode?
In short, HTTPS-only mode is a new security feature, part of the Firefox 83 release that allows users to connect to websites via the secure HTTPS protocol only (whenever possible). Here’s a snippet from the official release notes:
“Once HTTPS-Only Mode is turned on, you can browse the web as you always do, with confidence that Firefox will upgrade web connections to be secure whenever possible, and keep you safe by default.”
If you’re a Firefox user, you can now enforce HTTPS connections whenever they’re available, and if the site doesn’t have an SSL certificate, receive an alert. That’s great news when millions of sites haven’t migrated to HTTPS yet. By enabling the HTTPS-only mode, you further reduce the risk of an information breach.
Even if you intentionally attempt to connect to an unsecured HTTP site, Firefox will override it and use HTTPS if it’s available on the site. If it can’t connect over HTTPS, it will warn you instead. So, how do you activate the HTTPS-only mode? Follow the steps below, and you’ll have it running in no time.